Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Ethics In IT

kdawson posted more than 6 years ago | from the oxymoron-of-the-day dept.

Education 466

chiefloko writes "I am presently taking a Business Ethics class while earning my MBA. For my final paper topic I have chosen 'Ethics within the Information Technology realm.' Over the past 13 years I have worked for three corporations and have seen everything from the typical BOFH to ungodly pirated software use. I also bore witness to a remote user logging in to a poorly administrated Sun station, finding out s/he was root, and then reading co-workers' emails. I am interested in what the norm is for ethics in the IT world and some of the stories and outcomes."

cancel ×

466 comments

Sorry! There are no comments related to the filter you selected.

Ethically speaking (-1, Offtopic)

eclectro (227083) | more than 6 years ago | (#22377330)

I never read slshdot.

Re:Ethically speaking (4, Funny)

TheVelvetFlamebait (986083) | more than 6 years ago | (#22377762)

I never read slshdot.
...or at least its title.

FIRST POST (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#22377332)

FIRST POST!

You need to clarify your question (4, Insightful)

arivanov (12034) | more than 6 years ago | (#22377344)

Whose ehics are you talking about?

The Ethics of an MBA giving IT orders, the ethics of a BOFH doing his job, the ethics of a developer?

Let's not speak of Joe Average consumer of IT as he actually has no IT Ethics, he applies his Ethical viewpoint to IT so his inclusion will only muddle up the concepts.

Each of these communities (PHB, BOFH, Developers) has their own ethical codes (or lack of). While there is a great difference between them, there are not that many differences between members of a particular caste.

Re:You need to clarify your question (5, Insightful)

MindKata (957167) | more than 6 years ago | (#22377570)

You also have to add in the ethics of other departments within a company. I've found often to my surprise, the ethics of sales people & marketing people are at times very different from that of programmers and other workers in a company.

Many sales people are not scientifically minded people. I'm a programmer and I worked in one company where the programmers were on one side of a desk divider and the other side had the sales people. We were killing ourselves laughing at then kinds of statements sale people were making about the products we were creating!. Often it wasn't based on fact at all. Ignorance or ethics? ... call it what you will, but to a sales person, its also part of the game they play.

They talk with complete conviction on a subject and it sounds like they know what they are saying (to anyone who doesn't know the subject), but with programmers I've found we often add disclaimers, because we see there are gaps in our knowledge and gaps in areas where we want to carry out more tests etc... Sales people's eyes often glaze over and they loose interest after telling them details for more than a few seconds. They don't what to know the details. They want to push a certain version of the truth (to me that's not truth at all and its ethically wrong, yet to sales people, its part of their way of communicating).

Also the ethics of high up bosses are often even worse than sales people. But they often do have one personality trait that helps them deal with sales people, as bosses I have found are often very distrustful people, even though on the surface they give a good image of confidence, deep down they show their insecurity and distrust of others. (Many even have recognisable personality disorders like NPD). They approach dealing with others, in a very different way to e.g. how programmers would work together.

The whole subject of ethics especially in big business like IT is very subjective depending on what people you ask.

Re:You need to clarify your question (3, Interesting)

clickclickdrone (964164) | more than 6 years ago | (#22377664)

I read a study recently that indicated a very high % of senior execs are actually psychopathic (as in total lack of empathy) noting that it is actually a desirable trait to get to the very top. Being able to make hard decisions by looking at the bigger picture despite the decision hurting some people along the way is something most people have trouble with so someone with said trait is likely to do well and often does. Psychopaths also tend to have charisma in spades which helps.

Re:You need to clarify your question (5, Informative)

pdwalker (113292) | more than 6 years ago | (#22377774)

That's sociopaths [caltech.edu] , not psychopaths [wikipedia.org] .

Think of it as the difference between a politician and a serial killer.

Re:You need to clarify your question (1)

clickclickdrone (964164) | more than 6 years ago | (#22377810)

Thank you for the correction - an important difference it would seem although I'll wager there's a few of both in senior positions!

Re:You need to clarify your question (4, Funny)

lorenzino (1130749) | more than 6 years ago | (#22377854)

Think of it as the difference between a politician and a serial killer.
Sorry, what difference again ?

Re:You need to clarify your question (5, Funny)

mux2000 (832684) | more than 6 years ago | (#22377888)

You didn't read your own links, did you? From your Wikipedia link:

Psychopathy is a psychological construct describing immoral and antisocial behavior.[1] The term is often used interchangeably with sociopathy[2].
Actually, the difference between a politician and a serial killer is the amplitude of the mental disorder, not its type. Politicians obviously have it much harder.

One time, I had to write a paper on Ethics in IT (0)

Anonymous Coward | more than 6 years ago | (#22377718)

So, I posed a question to Slashdot and uses those answers.

Re:You need to clarify your question (2, Insightful)

smitty_one_each (243267) | more than 6 years ago | (#22377884)

Nah, you just need to paraphrase Gandhi:
"I think ethics in IT would be a wonderful idea."

Re:You need to clarify your question (1)

GDI Lord (988866) | more than 6 years ago | (#22377918)

Caste or Knightly Order of BOFH and Knightly Order of Programmers?

When you frag a co-worker (0, Offtopic)

antifoidulus (807088) | more than 6 years ago | (#22377368)

while using your companies machines to play Halo, don't hump him or her....it will only cause inter-office strife.

Re:When you frag a co-worker (-1, Redundant)

antifoidulus (807088) | more than 6 years ago | (#22377386)

also, don't make the word "company" possessive by pluralizing it, thats just plain wrong. Instead, use "company's" :P

Re:When you frag a co-worker (0)

Anonymous Coward | more than 6 years ago | (#22377730)

Perhaps he has two part-time jobs?

Re:When you frag a co-worker (0)

Anonymous Coward | more than 6 years ago | (#22377926)

Let's try again:
Also, don't make the word "company" possessive by pluralizing it. That's just plain wrong. Instead, use "company's." :P

Re:When you frag a co-worker (1)

khallow (566160) | more than 6 years ago | (#22377634)

No, it's ok as long as you hump their corpse respectfully.

CYA (2, Insightful)

Hognoxious (631665) | more than 6 years ago | (#22377370)

Cover Your Ass. That's it, that's all.

ethics? (-1, Redundant)

Anonymous Coward | more than 6 years ago | (#22377374)

What are they? Do they taste nice?

ethics require education (4, Funny)

rucs_hack (784150) | more than 6 years ago | (#22377376)

Someone who has no understanding of ethical implications regrading IT will do things they wouldn't dream of if they understood what it meant in terms of invasion of privacy..

Alas many people who use computers regularly are in this category.

I have access to the email of almost everyone I know presonally. Do I read it? Nope.

However, the reason I have access to one persons email is because they needed help stopping another person who knew their password reading every email they sent and received. In spite of my urging they have yet to change their password anew to also lock me out.

You can lead a horse to water, and if you Duct Tape a hose to its mouth, you can make it drink too.

Oh wait...

ethics require getting caught. (0)

Anonymous Coward | more than 6 years ago | (#22377550)

"Someone who has no understanding of ethical implications regrading IT will do things they wouldn't dream of if they understood what it meant in terms of invasion"

How about ethics in terms of consequences? [slashdot.org]

Re:ethics require education (3, Funny)

Anonymous Coward | more than 6 years ago | (#22377822)

Do I read it? Nope.
...

they have yet to change their password anew to also lock me out.
And how do you know they haven't changed their password yet? :)

Re:ethics require education (0)

Anonymous Coward | more than 6 years ago | (#22377904)

How do you know that the password has not been changed, to lock you out. Hve you logged into their account lately?

Reading users email? (3, Interesting)

MichaelSmith (789609) | more than 6 years ago | (#22377382)

Anyone who has time to read peoples email obviously isn't busy enough (and is easily amused).

Re:Reading users email? (1, Funny)

ozmanjusri (601766) | more than 6 years ago | (#22377436)

Anyone who has time to read peoples email obviously isn't busy enough (and is easily amused).

You clearly need to read the canonical guide [iinet.net.au] to sysadmin ethics.

it's just another case of (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#22377384)

In the end of the day I started thinking that berlin writers kept tight system of propaganda of past policy in the mind and that they reused them in another context as to mourners to write their names everywhere in the most uncommon places was clearly symbolizing the population during the last 10 years. This is the city where you run the most, all the tunnels all the lays up that we went out by were controlled after finishing our pieces and taking our pictures we had to get our stuff and run before the police arrived warned by the station head chief of the alarms on the hatches.

Ethics is eithics (4, Insightful)

clickclickdrone (964164) | more than 6 years ago | (#22377390)

Irrespective of if it's IT related. You shouldn't do anything you wouldn't want done to yourself or is likely to hurt people. Just be a decent honest person.

do unto others? (4, Insightful)

wall0159 (881759) | more than 6 years ago | (#22377468)

I think a better approach is do unto others as you think they would want done to them

That helps avoid the "well, I'd want to be killed if I was gay" rationale...

"or is likely to hurt others" (0)

Anonymous Coward | more than 6 years ago | (#22377758)

Perhaps if you stop incompletely reading/quoting others, that would be a start for you.

Re:"or is likely to hurt others" (1)

Aladrin (926209) | more than 6 years ago | (#22377914)

Or perhaps he was right. There are some people that would actually think that dying is better than being gay. In that case, you aren't hurting them to kill them, you're giving them a gift. NOT killing them would be hurting them.

It's a truly fsck'd up way of thinking, but there -are- those who think that way. It is indeed much better to think in terms of the other person instead of terms of yourself, for this situation and others.

Re:Ethics is eithics (3, Funny)

HBI (604924) | more than 6 years ago | (#22377476)

Disturbingly, that does not rule out performing random fellatio in the street.

Re:Ethics is eithics (1)

pegdhcp (1158827) | more than 6 years ago | (#22377696)

While agreeing with the basic fact that "ethics is ethics" whatever the environment is, I guess it should be noted that, IT gives more power to people than it was expected during the time when ethic codes are developed in thousands of years. Before IT, you would need to have some guts to come into my house and try to look mt financial records, or love letters, or my childhood pictures, now it is very very easy to do so. You can automate any activity, either productive, or un-productive (such as unethical ones) with IT means, that would lead mass unethical activities by individuals. This should cause us to ha a different ethics in IT environment than a regular environment. The very same argument can be applied to privacy and availability of encryption to ordinary people. When government had no means to mass monitor its population, encryption issue can be trivial, but now the situation is different, as there are industrial scale monitoring facilities.

Re:Ethics is eithics (1)

jbrohan (1102957) | more than 6 years ago | (#22377920)

The ethical issues in a domain where unethical behavior is unlikely to be discovered directly is a very interesting problem. In Quebec we had some bridges collapse because the work was poorly executed. We can pry into others business and write programs without bothering to test them, we should do these things better. Neville Shute in Round the Bend discusses this problem in the setting of the expanding airlines just after world war 2, expanding into the Far East. He describes a form or religion of aircraft engineers. The suggestion is that the solution to this ethical problem cannot be solved in the domain in which it is presented, cannot be solved as a business or technological problem, but at a deeper human, spiritual level.

Unix syndrome (4, Funny)

QuantumG (50515) | more than 6 years ago | (#22377392)

Anything that isn't prohibited is not only allowed, but also ethical.

Re:Unix syndrome (4, Insightful)

value_added (719364) | more than 6 years ago | (#22377646)

Anything that isn't prohibited is not only allowed, but also ethical.

There may be some truth in that, but I don't see how that applies to interpersonal behaviour. My own preference is to defer to what my grandmother taught me: ethics is insisting on doing what's right even when no one is looking.

She also taught me to the principle of keeping things simple, both from a moral perspective and practical one. I never asked, but I'm sure she preferred vi to emacs.

Re:Unix syndrome (1)

QuantumG (50515) | more than 6 years ago | (#22377666)

When you spend your life in a perfectly enforced world you rarely have to make ethical decisions. You don't have to think "gee, should I take a look at Bob's files or not?" Because the system stops you from doing it - unlike the real world, where you have the choice of obeying the law or not, and are better off for thinking about what is right what is wrong. So when you are presented with an ethical choice.. usually as a result of some temporary granting of power.. you don't know what to do.. and it's easiest to just not think about it.

Re:Unix syndrome (1)

nilbud (1155087) | more than 6 years ago | (#22377732)

You may be insane. You seriously allow your behaviour to be dictated by external "prohibitions", wow.

Re:Unix syndrome (1)

cthulu_mt (1124113) | more than 6 years ago | (#22377770)

"Do what thou wilt shall be the whole of the law."

I think that's what you mean.

Re:Unix syndrome (0)

Anonymous Coward | more than 6 years ago | (#22377820)

"My friend here is trying to convince me that any independent contractors who were working on the uncompleted Death Star, were innocent victims when they were destroyed by the Rebels." -- Clerks

What I'm concerned about is all those programmers implementing East-German-like-spyware for control-freaked governments. Here in Germany, ISPs are required to log all your Email, Internet and Telephone communications. In case of mobile phones, they are even required to log your geographical location. There also a government-approved project to write a trojan to break into suspects' desktops. This is legal, since it has been voted by the parliament. Suits tend to see this as business as usual, but I don't feel programmers should lend their precious talent to such bluntly unethical purposes.

Ethics on an MBA? (5, Funny)

edittard (805475) | more than 6 years ago | (#22377398)

Ethics on an MBA - do the marks from this module get subtracted from your overall score?

Re:Ethics on an MBA? (1)

mwvdlee (775178) | more than 6 years ago | (#22377514)

"Business Ethics"

Does this joke need explaining?

Re:Ethics on an MBA? (1)

clickclickdrone (964164) | more than 6 years ago | (#22377562)

Oh man, just had a choking fit caused by laughing whilst eating an sandwich. Don't breath in crumbs - it's a bitch.

Ethics? (1)

muftak (636261) | more than 6 years ago | (#22377408)

Do what you like, just don't get caught.

Re:Ethics? (1)

gbobeck (926553) | more than 6 years ago | (#22377792)

Do what you like, just don't get caught.
...And remember kids, if the Cop didn't see it, you didn't do it.

Ethics in IT (1)

Anonymous Coward | more than 6 years ago | (#22377432)

Rule #1: Try not to leave blood on the carpet. There are no other rules.

Let he who is without sin... (0)

Anonymous Coward | more than 6 years ago | (#22377442)

So is it ethical to let Slashdot readers do your homework for you?

Re:Let he who is without sin... (0)

Anonymous Coward | more than 6 years ago | (#22377534)

Indeed.

1.Ask Slashdot, [insert Topic in here..].
2.Slashdotters comment on [insert Topic in here]
3. ??????
4. Profit!
5. Write down ramblings of slashdotters for grade
6. Get a C, knowing that you totally half-assed the whole thing.

Do something useful or something popular (5, Interesting)

JohnnyKlunk (568221) | more than 6 years ago | (#22377450)

While it's not strictly related to IT, I can spend a whole week doing any number of things that are really useful in the long-term to the business from an IT perspective. Or I can do something that will make the boss happy. Like a flashy widget on the intranet or a set of graphs that prove nothing. One gets me a better bonus and the favour of all those above me. One makes me a good tech. What's the norm here? Balance I guess, depends on the job. This year I'm going to spend a lot more time on the latter. Hopefully get the bonus and pay off the mortgage - most people trade ethics for a mortgage eventually.

Ethics on MBA? (1)

nagora (177841) | more than 6 years ago | (#22377452)

This is window-dressing. Ethics are irrelevant to business and if you try to be ethical you'll be screwed in no time.

TWW

Re:Ethics on MBA? (1)

mwvdlee (775178) | more than 6 years ago | (#22377520)

"Ethics" is relevant to business in that is is a great marketing word that makes your business look like it actually gives a crap. Ethics in business only exist unless more money can be made by not having ethics.

This is actually untrue (5, Insightful)

Kupfernigk (1190345) | more than 6 years ago | (#22377652)

The posts here suggesting the "business ethics" is an oxymoron are from people who obviously have no real experience of business. Real world businesses know that they have to keep both customers and suppliers happy, and the best way to do this is still to be ethical where it counts. If I treat my suppliers honestly and you try to diddle them, you may save a percent or so now, but what will happen when there is a shortage? Who will get priority?

When I was a general manager, one of my policies was always to pay the small suppliers promptly, because they need it most. That's not only ethics, it is simple common sense.

It is interesting that one of the most developed business environments in the world -that little region that includes Northern Italy, Switzerland, parts of South Germany and South-East France - relies heavily on networks of trust. I have sealed the deal there more than once with no paperwork and a handshake. I suspect that the reason that "Business ethics" needs to be taught in an MBA class is because many new graduates have fantasies of the ruthless corporate world based on Hollywood and computer games, and they need to be made a little safer before they can get out and cause their companies serious damage.

The fact that some CEOs are psychopaths should not blind us to the fact that most are not.

Re:This is actually untrue (1)

nbert (785663) | more than 6 years ago | (#22377844)

Mod parent up - this is the most insightful post so far.

On a related note I'm wondering since a few years if a more down-to-earth terminology in this field could help to gain more acceptance in the non-business world. Why do we have to call it "business ethics", if it's mostly about sound business practices? In similar vein terms like "corporate culture" sound pretty bold if you think about their actual meaning. It's not about managers performing a ritual dance before every meeting.

Re:This is actually untrue (1)

nbert (785663) | more than 6 years ago | (#22377870)

No... mistaking blockquote for br is almost as stupid as not using the preview button :/

late payment (3, Informative)

pbhj (607776) | more than 6 years ago | (#22377848)

Kupfernigk >>> "When I was a general manager, one of my policies was always to pay the small suppliers promptly, because they need it most."

Well, most companies don't hold to that.

Oft repeated rhetoric here is that a companies only purpose is to make money. You're actually depriving your shareholders of a small amount of capital by paying on time if it's possible to avoid.

I find that (as a director in a small business) we get paid late by big businesses and government organisations. They can pay late, we can't afford to sue and we need them more than they need us. We've been paid over a month late by a local council (!) for an amount equal to about 50% of our wages bill ... that doesn't help cash flow much!

Inspired by Google's early ethical policy of "do no evil" ours is "be nice". We've many times checked our behaviour, and adapted it (sometimes to our financial detriment), by following this code.

Trust simulation and purpose-blindness (5, Interesting)

Frater 219 (1455) | more than 6 years ago | (#22377462)

The point of authorization systems (like user permissions on a Unix system) is to simulate and thereby enforce the trust relationships that people have with regards to data. You aren't allowed to read my email, so you don't have read access. You're allowed to use a certain amount of disk space, so there's a quota.

But here's a problem: Technology is purpose-blind. It doesn't know for what purpose you're trying to do a particular thing -- only whether you've got access to do it. However, in the real world, we frequently want to trust someone with a particular resource, but only for certain purposes.

You're allowed to drive Daddy's T-bird to the library, but not to the hamburger stand. But the ignition system doesn't know that; it just knows you put the right key in. Your sysadmin is allowed to read your email files if she thinks something's wrong with the mail server, but not just because she thinks you're cute and wants to stalk you. But the permissions bits don't know that.

You're allowed to access Scientology's Web page to read it, but not to repeatedly reload it just to put load on their server and run up their bandwidth bill. But neither your browser (or wget) nor their server necessarily understand that.

So there's an ethical problem: you frequently have access to things for only certain purposes. How are those purposes defined and agreed on? Is it possible to make authorization systems more purpose-aware? Would that even be desirable, or would it just cause problems with unexpected situations?

Suppose Daddy's T-bird only allows you to drive to the library, by shutting off the engine if you try to go somewhere else ... and Daddy has a heart attack and you need to get him to the hospital. Down that road lie DRM and other systems that decrease the value of technology by getting in the way of legitimate uses.

Re:Trust simulation and purpose-blindness (0)

Anonymous Coward | more than 6 years ago | (#22377558)

That's a great idea!

...access Scientology's Web page to read it, but not to repeatedly reload it just to put load on their server and run up their bandwidth bill.

(just kidding :-p)

Re:Trust simulation and purpose-blindness (1)

finnw (415539) | more than 6 years ago | (#22377602)

Is it possible to make authorization systems more purpose-aware? Would that even be desirable, or would it just cause problems with unexpected situations?
What you are describing sounds like DRM, so we know the answer already: no, it won't work, but people will try to and will waste a lot of money in the process.

Audit is more important than access (2, Insightful)

Kjella (173770) | more than 6 years ago | (#22377672)

Access are for the things that you never should be able to touch. Audit seems to be working quite well for the rest. This doesn't work quite well in the sysadmin example where he can go in and read the files directly, but it's very effective in most systems where you have to go through a regular interface. I know for example banks have used that for operators that like to peek at famous people's bank accounts. Another example that I know personally is passing through project gates - the access controls are quite loose, but of course you're supposed to go up to a review meeting and actually pass the gate. There's an audit log to tell who said they had passed the gate and when, and it's not going to be pretty if they find you're bluffing.

People don't handle temptation all that well. If you put a normally honest person in a position where he could very easily and with little risk where he could do something wrong, he might do it. If it looks hard, he'll think long and hard before doing anything. If it requires a conspiracy, he almost certainly won't do it. So I'd say the solution isn't to try to limit everything up front, just make them fear that someone will peek them in the cards later.

Re:Trust simulation and purpose-blindness (1)

QuantumG (50515) | more than 6 years ago | (#22377688)

Access control systems just take away the need for ethical consideration. People don't think "should I read my friend's email", they think "do I have access to read my friend's email". If they can, they assume they should.

Why are they asking that? (0)

Anonymous Coward | more than 6 years ago | (#22377868)

I don't think "can I read someone else's stuff" so why would I bother to look?

Maybe technology SHOULD be replacing our sense of ethics if we#ve got people asking questions like that...

Re:Trust simulation and purpose-blindness (1)

Chrononium (925164) | more than 6 years ago | (#22377806)

I think that you've hit upon the great crux with any technology: it doesn't enforce a purpose (or ethical behavior), it just performs a certain function given certain input and initial conditions. In my view, technology merely allows the sphere of the user to extend. If that person wants to do bad, then the technology will be used for bad purposes. If that person wants to do good, then the technology will be used for good purposes. While this sounds like an undesirable trait, I claim it is a very desirable trait.

Technology should not try to replace our sense of ethics, for if it is possible to create something that only does good, then it is equally possible to create something that only does bad. And of course, there are cases where bad is just a few steps away from good, so many humans might fail at discerning their difference initially. A "bad" technology in these cases could be ruinous, since a good person would be *forced* to do bad without knowing it, initially. DRM, I believe, lives in the realm of authorization systems (Draconian ones, but still, authorization), while "moral" technology is hopefully without implementation.

Re:Trust simulation and purpose-blindness (1)

jamesh (87723) | more than 6 years ago | (#22377882)

You're allowed to access Scientology's Web page to read it, but not to repeatedly reload it just to put load on their server and run up their bandwidth bill. But neither your browser (or wget) nor their server necessarily understand that.

URL?

Snooping (1)

Spad (470073) | more than 6 years ago | (#22377466)

Reading through someone's emails or documents without permission is job suicide - nobody is going to hire someone who was fired for snooping through other peoples' stuff. Of course, this relies on there being some degree of auditing in place to catch you, but you shouldn't do it anyway, on principle.

Re:Snooping (1)

robo_mojo (997193) | more than 6 years ago | (#22377556)

nobody is going to hire someone who was fired for snooping through other peoples' stuff.

But you can get hired as a Private Investigator.

Re:Snooping (1)

gbobeck (926553) | more than 6 years ago | (#22377872)

...nobody is going to hire someone who was fired for snooping through other peoples' stuff.

Tell that to the NSA or CIA.

Depends on Company Policy (1)

gsslay (807818) | more than 6 years ago | (#22377474)

Most of what defines IT 'Ethics' (or at least those that relate to purely IT issues) are defined by company policy. Some company policies state that users have no right to any privacy on email. Some companies practice complete lock-down of computers and teach users that the IT Administers really are god.

So the first point of reference is company policy. The only place "ethics" come it to it is the ask if these policies are written down (rather than made up as you go along to suit the situation) and do the staff know them? Cos if they don't know them you're involved in a form of deceit where they might think their email is private.

Of course, a company that is happy to deceive their staff and without written policies can find that a lack of ethics cuts both ways. The company itself can be done over by the IT staff who have been led to believe that anything goes.

The difference between IT and other professions (5, Interesting)

Yvanhoe (564877) | more than 6 years ago | (#22377480)

One of the key difference between IT-related ethics and other fields like medicine or law is that there is no official body emitting guidelines and no rights and duties recognized by the law.

When a doctor is asked by an employer to give him medical informations about his employees, he can point out that this would be illegal.
When a sysadmin is asked by his company to monitor users' web access, there are a lot of privacy issues that are raised but never addressed in the law. I mean, it can be part of the sysadmin job to prevent company computers from accessing porn sites but knowing which users access gay websites and which are ordering viagra online is something that should never be forwarded to upper management. He cannont prevent knowing this, but there should be something akin to medical secret regarding these data.

Re:The difference between IT and other professions (2, Informative)

Anonymous Coward | more than 6 years ago | (#22377504)

Hmm.. the closest that I know of is that developers/programmers can join IEEE and/or ACM, and those organisations do have codes of ethics they expect their members to adhere to.

(It's helpful if you're ever asked to do something you consider unethical, and you can state your professional organisation membership's code of ethics forbids such behaviour. It helps you stick to your ethics because it backs you up.)

Re:The difference between IT and other professions (1)

freddled (544384) | more than 6 years ago | (#22377790)

Ditto the British Computer Society in the UK which issues professional qualifications backed by a code of ethics, code of conduct etc. The BCS and the IEEE are affiliated and there are various links to the ACM too. The BCS operates under a royal charter which is how professional qualifications are managed in the UK. You also get a nice badge which allows you to order the burning of unethical persons unless they are 'fellows' of the aforementioned institutions in which case they may opt for beheading instead. Or a career in politics.

Re:The difference between IT and other professions (1)

bcg (322392) | more than 6 years ago | (#22377542)

I've always found that knowing the correct grammar when discussing data, as the parent does, is one of the hallmarks of our profession.

So is pedantry - so include them in your practise whenever possible!

(Practise is the verb in commonwealth countries - 8 years at university very well spent)

Re:The difference between IT and other professions (1)

bcg (322392) | more than 6 years ago | (#22377564)

I should practise my usage of practice/practise in my practice more often before posting under my username.

Need another year at uni...

Re:The difference between IT and other professions (0)

Anonymous Coward | more than 6 years ago | (#22377552)

When a doctor is asked by an employer to give him medical informations about his employees, he can point out that this would be illegal.

Is it? Employer drug tests are legal in many states. The employer can probably get all the info they want from the insurance company anyway, like which employees cost a lot.

When a sysadmin is asked by his company to monitor users' web access, there are a lot of privacy issues that are raised but never addressed in the law. I mean, it can be part of the sysadmin job to prevent company computers from accessing porn sites but knowing which users access gay websites and which are ordering viagra online is something that should never be forwarded to upper management.

Why not? Many companies have a policy that internet use is for company business only.

Now, if upper management is browsing gay websites and ordering viagra online, that's something you might want to file away for future use during the next round of IT outsourcing. Just in case :)

Just obey the eleventh commandment! (0)

Anonymous Coward | more than 6 years ago | (#22377484)

11. Thou shalt not get caught

Everyone will speak of your wonderful ethics. If it works for most of the rest of senior management, why not IT?

After all, we can edit the logfiles!

ACM Code of Ethics (5, Informative)

floki (48060) | more than 6 years ago | (#22377522)

The Association for Computer Machinery (ACM) [acm.org] has a Code of Ethics [acm.org] . Have a look at it. It gives quite a lot of guidance converning professional conduct in IT.

SAGE: System Administrators' Code of Ethics (3, Informative)

ukh (715582) | more than 6 years ago | (#22377566)

And so does SAGE (for system administrators), more to the point: http://www.sage.org/ethics/ethics.html [sage.org]

Hacker Ethics (1)

gbobeck (926553) | more than 6 years ago | (#22377828)

Steven Levy wrote a basic set of rules commonly called the hacker ethic [wikipedia.org] .

In case you don't feel like clicking on the link, the Hacker Ethic is the following:

        * Access to computers -- and anything which might teach you something about the way the world works -- should be unlimited and total. Always yield to the Hands-on Imperative!
        * All information should be free.
        * Mistrust authority -- promote decentralization.
        * Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race, or position.
        * You can create art and beauty on a computer.
        * Computers can change your life for the better.

Confessions of an IT Drone... (0)

Anonymous Coward | more than 6 years ago | (#22377524)

I worked for a small/medium sized startup as an IT drone. Once upon a time... We came into possession of end user data from a customer for a migration project. The data was stored on a server that was stolen from an employee's car. Data included tens of thousands of unencrypted customer account access credentials. The ceo who has since left the company decided it was best to ignore the right thing to do and just fore go telling them about the loss of data.

A base level for sysadmins (0)

Anonymous Coward | more than 6 years ago | (#22377536)

No songs, videos & games (0)

Anonymous Coward | more than 6 years ago | (#22377578)

That's the new security "pledge" that just came via internal mail to all the 55K+ employees in my organization, coincidentally, a few minutes back.

So, no mp3, flv or minesweeper.

Or not even OGG/Vorbis, OGG/Theora, Wesnoth!!!

Don't know how can a audio/video file free knowledge organization stay competitive!!! And our CSO (Chief Security Officer) was put on the cover page of a top networking & security magazine over here in this part of the world!

Ethics? Sure... (1)

JoshDM (741866) | more than 6 years ago | (#22377598)

...the minute I log in to my station at work, I instantly pop open the browser to peruse and respond to Slashdot articles all day with snide remarks.

Re: Ethics in IT (1)

rmdstudio (1089759) | more than 6 years ago | (#22377610)

When the IT works with the MBA, that's ethical, but when either one works for the other, that is unethical!

IT Ethics is Different from Business Ethics (4, Interesting)

Starky (236203) | more than 6 years ago | (#22377618)

The fundamental focus of ethics is different between general business and IT issues.


In many business programs, students are exhorted to compete from day one. Many students take away the message that they should maximize profits (or market share or whatever they use as a metric of success) by any means necessary.


(I have worked on a number of antitrust regulatory issues, and you would be astonished at the number of e-mails that have been unearthed in which executives send each other messages to the effect, "Let's use unfair competitive practices to squash the little guy!" I'm paraphrasing, of course, but not by much.)


In IT, on the other hand, the issues pertain more to privacy and intellectual property rights. If a system administrator reads someone's e-mail, it may be for personal gain or just out of curiosity, but it's not due to any sort of overriding business objective. Competition in IT is to build the best product, not to "get" the other guy. And the ethics reflect that.


By the way, I've also worked at a company where an admin, who reported to a manager I worked beside, was reading e-mails. The manager let him know that he knew, and that if anything came of it, it would come back to bite him, but also let it slide because (1) someone has to have access, and whoever it is will probably take a peek from time to time, and (2) he was relatively discrete about it, and others may not be. Was he unethical in letting the behavior persist?

Re:IT Ethics is Different from Business Ethics (1)

pdwalker (113292) | more than 6 years ago | (#22377786)

Was he unethical in letting the behavior persist?
Nope. Both of them should have been fired for it.

What ethics? (3, Informative)

sr8outtalotech (1167835) | more than 6 years ago | (#22377628)

Maximizing shareholder value > anything else. Seriously, ethics? I'm in the SMB consulting industry. I sign NDA's on a regular basis with consulting companies so when the consulting company violates an ethical obligation to a client I'm contractually bound not to say anything. 13 passwords all the same for 13 company's but they (not me) billed their managed services as following best practices. PPTP VPN instead of LT2P/IPSEC (a stand alone certificate server = $), no account auditing(disk space = $), no logon failure limits(disrupted users = lost $), no port security at the switch (network admin = $), etc... I've yet to run across a salesperson that didn't upsell/oversell. I think most techs realize what's ethical behavior and what's not but they get pressured into not saying anything by management and sales.

Here's a scenario that happened to me in 2006. I had a contract terminated with no reason given. 4 days before the contract was terminated I sent a memo to the CEO (I reported to him) about sending bulk email without an opt-out option and without the companies physical address. I included relevant state and federal laws regarding the issue, mainly the Can Spam Act. 3 days before the contract was terminated the CEO confronts me in front of the whole office about how they were the following the law. I flatly told him I wouldn't send them or train anyone to send them until they added physical contact information and a way to opt-out. This was in front of his entire office staff. I wanted to discuss it in private and he wanted to discuss it in front of everyone. Friday, my contract got terminated, no reason given. Take a guess as to why it was terminated?

Cultural & Legal (4, Insightful)

Aceticon (140883) | more than 6 years ago | (#22377706)

Ethics in IT is just a reflection of ethics in the world at large - what people tend to do or not to do is usually a reflection of what they believe that others expect them to do or not to do.

Often this is for cultural or even legal reasons: for example, in Holland it's forbidden by law in a company to check the web access logs for an employee unless there is reason to believe that employee is misusing the company resources or doing something illegal, while in the UK an employee can expect that anything done via the company network will be watched.

The main differences that affect the actions of people in a position of power in an IT environment and in an equivalent non-IT environment are:
  • Anonymity: the belief that "nobody will know who i really am" means that some will do online certain actions that are shunned by society at large. While acting behind an alias which cannot be traced back to the real world persona many, free of social pressures and/or direct repercussions for their actions, will act online in ways that they would not act offline (I suggest you study MMORPGs for this).
  • Decoupling from reality: often one's actions do not have a visible component in the "real" world. At it's most basically, it's easier to be unpleasant when the target is somebody you've never met personally.
  • The lower likelihood of being caught: the risk of being caught is a strong factor when considering whether or not to act in a way which might be perceived as unethical, illegal or socially unacceptable. In the "virtual" world it's easier to do some actions without being caught. For example, consider the workers in the mail room in a company vs the e-mail server administrators in that company: for whom would it be easier to read somebody else's messages without leaving a trace ...


"ungodly" and "pirated" on Slashdot? (4, Insightful)

mi (197448) | more than 6 years ago | (#22377724)

Sorry, we do not believe in Imaginary Property here. There is nothing "ungodly" about "pirated", because pirating is not exactly the same as stealing.

I am *for* ethics while not being a BOFH (0)

Anonymous Coward | more than 6 years ago | (#22377752)

Face it, it's bound to happen sooner or later.. curiosity.. and freedom.. and the enormous amount of power available sitting in your cubicle connected to the *network*. Sure, an experienced sysadmin would say ' been there done that ' , but 1)recognizing it happening with your peers again and again and then 2) deciding what the heck to do about it? keep quiet? report it? be a BOFH? I guess we all have to just face it.. these things happen.

-Nostradumbass77

They are not there (2, Interesting)

houghi (78078) | more than 6 years ago | (#22377764)

In all the companies I have worked, there was no ethical code as such. In no department I have seen such a thing. There are the general things, like not stealing and such, but those are coverd by law.

I have signed papers from the IT department that I would not do certain things on the network. Never was anything in there enforced, so it was basicaly a farce.

I have read other peoples mailboxes (after 3, I stopped, because it is utterly boring)

Basicaly it comes down to; will it harm the company or not? If it does, then you can not do it and when caught you can get fired. If not, then nobody seriously cares.

Ethics (2, Insightful)

Anonymous Coward | more than 6 years ago | (#22377796)

One of the interesting ethics issues I have seen at most of the places I have worked is how the typical person is treated versus how the executive is treated.

The typical person calls the Help Desk, gets a level 1 person who reads scripts and then if they can't help it gets escalated. If the problem is severe they might try to remote control the computer, etc. It is also, in most places I have worked, expressly forbidden to work on home machines due to liability factors (if you destroy their data for instance, catch porn on a personal computer, etc).

However, with executives they generally have a special number or person to call, they frequently have non-standard hardware/software, have people going to their house for support, etc.

In general they can get away with abusing the system and its resources. The interesting thing here is that if you talk to a lot of people in IT they have split views on whether this is ok or not. Some think that it is an executive perk. Others think it is an abuse of system resources. Others, like myself, think it gives executives a flawed view of IT (even if the typical user is getting horrid service, the executives don't see it and do not correct the issue - because it is working perfectly for them).

I think an issue like this is not as clear cut, but I'm curious to see what other people think of the same sort of thing in their company.

Re:Ethics (2, Insightful)

Kryptic Knight (96187) | more than 6 years ago | (#22377852)

One process to rule them all, One lockdown to mind them, One email system to bring them all and in the darkness bind them.

In other words, what applies to the filing clerk, also applies to the Director/CEO.

Admittedly you sometimes have to visit home locations of directors to setup company equipment, this cannot be avoided, but you don't work on their home computer equipment.

If you're going to lockdown then lockdown. If you're going to make any exceptions then you may as well not bother in the first place.

sudo (2, Insightful)

k2r (255754) | more than 6 years ago | (#22377830)

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these two things:

                #1) Respect the privacy of others.
                #2) Think before you type.
                #3) With great power comes great responsibility.

---
That's about the ethics my teachers had when I started to learning system administration 15 years ago and this is what I'm still educating people new to this about. I never met a good admin who wouldn't passionately subscribe to this.

k2r

Re:sudo (4, Funny)

ideonode (163753) | more than 6 years ago | (#22377874)

It usually boils down to these two things:
                                #1) Respect the privacy of others.
                                #2) Think before you type.
                                #3) With great power comes great responsibility.

Talking of reading other people's emails... (5, Funny)

adrianmsmith (1237152) | more than 6 years ago | (#22377838)

A friend of a friend was working in IT as a Windows administrator. He was called to fix someone's computer, who then went out to lunch leaving the friend alone with the computer. He saw a mail on the computer that he found interesting, so he forwarded it to himself.

This is surely a bad thing to do, and the end of the story is that he got fired, but he probably would have got away with it apart from the mistake he made....

He managed to spell his own name wrong in his email address. So when the guy got back from lunch, there was a bounce mail waiting for him in his inbox....

Professional Ethics and I.T. (1)

ma11achy (150206) | more than 6 years ago | (#22377846)

Ethics in professions such as Law and Medicine (and professions that have a very
direct impact on Joe Public) are usually goverened by their licensing bodies.

You cannot practise Law without a license, neither can you practise Medicine.
An exam must be sat and passed for one to obtain a license from their professional body.

Finally, there are usually ethical codes that these licensees must follow to allow
them to continue practising. If they violate these codes, they loose their license.

Some of the comments here on this thread state that I.T may be too diverse to
define a code of ethics for, but I ask you - is it any more diverse than Medicine
or Law?

Give it time. As I.T becomes more pervasive in Joe Public's life, I think
it's advance will slow, due to the increasing rigors placed on it by regulatory
bodies concerned with "public safety", read: lawsuits.

Ethics is a personal attribute, not a rule set.. (2, Informative)

Anonymous Coward | more than 6 years ago | (#22377862)

From what I've seen in 25 years, the difference is simple personal committment. I have been put under pressure to charge clients for hours I didn't work, for being 'creative' with the truth so the real facts wouldn't show (i.e. readers would be mislead), for 'accidentally' overlooking problems because it would be politically convenient and for coming to a pre-determined conclusion by a biased look at the facts.

You have in each case two options: do what's right or do what is convenient. I prefered to do what is right, but you have to accept that in many cases this will be held against you by those that are more of the morally lazy persuasion (or who need their numbers to stack up).

The good news is that such a reputation also works in a positive way: you can become regarded as utterly unbiased, and as long as you don't have personality defects to go with it (I get on with almost anyone) you sometimes end up becoming an example.

In many cases the requested behaviour was contradicting ethics policies. Ethics policies are treated by most organisations as a marketing exercise, not as a code of behaviour. Given the examples of thos who make a real profit I can't see this change overnight..

There is no norm for ethics in IT I think (5, Informative)

oldbamboo (936359) | more than 6 years ago | (#22377900)

I've had to familiarise myself with Sarbanes Oxley (which applies only to US listed companies anyway) and that is the only piece of legislation which I am aware of which requires regular sign off of ethical conduct, and that only applies to the board I belive. Elsewhere, for IT workers, both the CISSP and CISA certifications require that a standard of ethical conduct is maintained, and a declaration of such is made by the applicant. I think ethics are only defined in this way, as a requirement for membership of specific professional organisations or for the holding of certain credentials, but these are the only ones I'm aware of. Beyond that, and this is the point, having conducted audits and reviews of a number of companies and the governance of their IT, I think this topic is universally ignored for IT staff specifically. I can not recall once seeing the discreet topic of "Ethics" enshrined within the IT policies and standards of any major company I have inspected. The best thing you can do is collect and review a number of general "End User" policies from different places and see to what degree promises to not view porn, sell secrets, access stuff you shouldn't, etc, etc, are reflected, and quantify them against the ethical requirements being taught on your MBA. IT User policies can be dredged up from the Internet ten a penny, and they should allow you to gather sufficient of them to launch an academic argument as to the provisions for ethical conduct they establish within companies or public bodies in general. The degree to which they are obeyed is impossible to measure, but you can certainly speculate on the need for regular training on ethics.

It's a people thing, not an IT thing (1)

petes_PoV (912422) | more than 6 years ago | (#22377906)

It's the people who are either ethical (do you really mean honest?) or not. There's no attribute of working in an IT environment that would change people's ethics.

Now,a more interesting question might be:

Does IT attract more or fewer honest people? The answer I'd say os that IT people are generally more honest. We are often presented with opportunities to do unethical or dishonest things and not get caught but I think the proportion of IT staff who would go down this route is lower than in the general population.

If IT people were more willing to exploit situations for their own gain, there'd be a lot more of us on yachts in tax havens.

Yeah, business ethics.. (3, Insightful)

Serhei (1150661) | more than 6 years ago | (#22377910)

Far too often, companies consider business ethics to == "not doing things that will get the company into trouble."
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>